From b448c2bcf48e4772f0917a0591139781d99cc025 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Wed, 9 Mar 2016 19:53:05 +0100
Subject: [PATCH] push sibelius archive rsync via puppet, make it ssl
---
 hieradata/common.yaml | 2 ++
 modules/ferm/manifests/per-host.pp | 2 +-
 modules/roles/files/archive_master/rsyncd.conf | 18 ++++++++++++++++++
 modules/roles/manifests/archive_master.pp | 14 ++++++++++++++
 4 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 modules/roles/files/archive_master/rsyncd.conf
 create mode 100644 modules/roles/manifests/archive_master.pp
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index fafbeca5c..d806e65b7 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -4,6 +4,8 @@ searchpaths: []
 resolvoptions: []
 allow_dns_query: []
 roles:
+ archive_master:
+ - sibelius.debian.org
 bugsmx:
 - buxtehude.debian.org
 bugs_master:
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index ad40eb149..3876d2a30 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -3,7 +3,7 @@ class ferm::per-host {
 include ferm::zivit
 }
- if $::hostname in [glinka,rietz,sibelius] {
+ if $::hostname in [glinka,rietz] {
 ferm::rule { 'dsa-rsync':
 domain => '(ip ip6)',
 description => 'Allow rsync access',
diff --git a/modules/roles/files/archive_master/rsyncd.conf b/modules/roles/files/archive_master/rsyncd.conf
new file mode 100644
index 000000000..976bb13c3
--- /dev/null
+++ b/modules/roles/files/archive_master/rsyncd.conf
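Review bot: With sibelius dropped from the `dsa-rsync` host list, nothing in this file opens rsync on that host any more, and the patch does not show whether `rsync::site` declares its own ferm rules for the plain and TLS ports. It is worth confirming on the host after the puppet run that exactly the intended ports are reachable, since the subject says the service becomes SSL but no visible line closes or keeps clear-text rsync. A comment above the condition such as `# sibelius: firewall rules now come from roles::archive_master via rsync::site` would record where the rule moved. The `ferm::rule` body continues outside the hunk.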
@@ -0,0 +1,18 @@
+uid = nobody
+gid = nogroup
+max connections = 25
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 7200
+log file = /var/log/rsyncd/rsyncd-archive.log
+
+[debian-archive]
+ path = /srv/mirrors/debian-archive
+ comment = Debian Historical Archives (use -H to save space)
+ read only = true
+
+[archive]
+ path = /srv/mirrors/debian-archive
+ comment = Debian Archive (use -H to save space)
+ read only = true
+ list = no
diff --git a/modules/roles/manifests/archive_master.pp b/modules/roles/manifests/archive_master.pp
new file mode 100644
index 000000000..04548a546
--- /dev/null
+++ b/modules/roles/manifests/archive_master.pp
@@ -0,0 +1,14 @@
+class roles::archive_master {
+ $sslname = 'archive-master.debian.org'
+
+ rsync::site { 'archive_master':
+ source => 'puppet:///modules/roles/archive_master/rsyncd.conf',
+ max_clients => 100,
+ sslname => $sslname,
+ }
+
+ ssl::service { $sslname:
+ key => true,
+ tlsaport => [],
+ }
+}
--
2.20.1
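Review bot: `max connections = 25` here disagrees with `max_clients => 100` in the new `roles::archive_master` manifest; if `max_clients` sizes the listener in front of rsyncd (the define is not visible in this patch), rsyncd will still cap clients at 25, so one of the two numbers is probably not what was intended. Combined with `timeout = 7200`, 25 stalled connections can hold every slot for up to two hours on modules that accept anonymous clients, so either a lower I/O timeout or a comment giving the reason for the value would help. The file also leaves `use chroot` and `hosts allow` at their defaults; a one-line comment such as `# public mirror: anonymous read-only access is intended` would make that choice explicit.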